-
Courses
-
Analytics
-
Analytics
- Power BI
- Power BI Data Analysis
- Power BI - Beyond the Basics
- Power BI - Dax
- Power BI - Power Query & M
- Power BI - Visualisation
- Tableau
- Javascript D3
- SQL
- Python
- Python for Data Analysts & Quants
- Python for Financial Traders
- Python Machine Learning
- Python (Advanced)
- Python & NLP
- R
- Web Scraping
- Data Science and AI/ML (Python)
- TensorFlow
- AI for Business & IT Staff
- BI (Microsoft)
- Big Data
-
Analytics
- AI | ML
-
Front End
-
Web
- React
- React Native
- Ionic
- Vue.js
- Angular
- AngularJS 1
- ASP.NET Core 3 Razor Blazor components
- WebAssembly
- Aurelia
- ECMAScript 6 Introduction
- Backbone.js
- jQuery
- MongoDB
- NodeJS
- NodeJS (advanced)
- Google Polymer.js
- JavaScript & ECMAScript
- JavaScript (Intermediate)
- JavaScript (Advanced)
- CSS Cascading Style Sheets
- JavaScript for Sharpoint Developers
- Ext JS
- HTML 5 Coding
- UX
- Javascript D3
- Mobile
-
Web
-
Back End
- Python | R
- C++
-
.NET
- MVC - ASP.NET Core 1/Core 2
- .NET Introduction
- Reactive Extensions Rx
- Advanced ASP.NET 4.5
- Xamarin
- ASP MVC5 with Web API
- REST Services using Web API
- Windows Presentation Foundation
- WCF
- Entity Framework
- TFS for Developers
- TDD with .NET
- Functional Programming with F#
- Asynchronous and Parallel
- .NET Design Patterns
- ASP.NET Core 3 Razor Blazor components
- .NET Legacy
-
Java
- Spring Boot Microservices
- Spring 4 for the Enterprise
- Spring 4
- BDD using Cucumber
- RxJava
- Java SE 8 Introduction
- Java 8 New features & Best Practices
- Advanced Java
- Java EE 7 for Developers
- RESTful Services with Java
- JavaFX 8
- Eclipse Plug-in Development & RPC
- Enterprise Spring with Hibernate &JPA
- Test Driven Development in Java
- Kotlin
- Kotlin Beyond the Basics
- Kotlin Best Practices
- Scala | Akka
- Kotlin
- Ruby | PHP
- S/W Engineering
- XML
-
Security
- Threat Modelling for Developers
- Social Engineering
- Secure coding for Java and Javascript
- Secure coding in ASP.NET
- Secure coding in PHP
- OWASP 2017 & PCI Compliance
- GDPR
- GDPR for IT & Software Professionals
- CISSP
- CISM
- CISA
- Cyber Attack Simulation
- SSL/TLS & Internet PKI "in Practice"
- Information Security
- DevOps | Cloud
- Agile
- Architecture
- Data
- Integration
- IT Management
- IBM Mainframe
- Coming soon
-
Analytics
- Onsite
- About
- Case Studies
- Blog
- Graduates
- Consulting
Threat Modelling for Developers Training Course
Learn how to identify Vulnerabilities and tackle them with Threat Models.
TRAINING COURSE OVERVIEW
Threat modelling is a process to identify security weaknesses in software design and architecture, and define countermeasures that mitigate the malicious effects of the discovered weaknesses Threat modelling is a process to identify security weaknesses in software design and architecture, and define countermeasures that mitigate the malicious effects of the discovered weaknesses before any code is cut.
Our training course is designed for software developers and architects in mind. Threat modelling is language-agnostic. It can be easily used for any software development project and with any modern workflow such as Agile or DevOps. The analysis work is done on the design of the software system in order to improve the quality of the code that will be delivered in-sprint.
You will learn how to address security design concerns faced by software development teams with a combination of teaching modules and practical threat model exercises. The participants will be encouraged to work in teams, to foster discussions on how to implement security controls for the modelled threats on their software architecture.
All key stakeholders in an Application Development workflow should know how to assess the weak points in their systems and what questions to ask. The course will provide a framework to assess these questions and will yield immediate beneficial results.
The JBI THREAT MODELLING FOR DEVELOPERS TRAINING COURSE uses the Rapid Threat Model Prototyping methodology (RTMP). RTMP enables a development team to seamlessly integrate threat modelling with existing Agile / DevOps workflows.
You will learn a practical overview of the necessary disciplines for resolving application architecture and design issues according to OWASP good security practices.
We aim to instill skills which allow you to perform rapid threat modelling in a Consistent, Repeatable and Measurable manner.
AUDIENCE
Security focused Developers and software architects.
The target audience for this course are developers and architects who have identified themselves as wanting to take on the role of security champion; they will probably have minimal experience in security risk assessments and threat modelling. The course will provide a strong baseline of knowledge in these areas.
CONTENT
DETAILHIGHLIGHTS
• The main recipients for the course are security subject-matter experts, technical non-security professionals who have no/little experience of threat modelling (e.g. software devs, architects and engineers) and technically-oriented project leaders.
• The purpose of the course is to deliver the concept of threat modelling and to be able to complete a basic threat model using the Rapid Threat Model Prototyping methodology.
• By the end of the course, the class will understand threats, mitigations and risk rankings and will be able to use basic threat modelling techniques to drastically improve secure design of software.
• The course will enable participants to integrate RTMP into any software development process.
Threat modelling 101
• Overview of secure SDLC
• How Threat Modelling fits into a secure SDLC
• How Agile Architecture fits in
• Introduction to several common security classification systems
• What are STRIDE and OWASP Top 10
• Mini Lab - mapping system relationships
• Defining elements of software that are security concerns
• Threat Model types
• Traditional threat model process and its shortcomings
• The importance of context diagrams to threat modelling and reusing existing software designs
• Dependencies
• Mini Lab - discovering dependencies
Rapid Threat Model Prototyping 201
• Pareto Rule (80/20 ratio) and use in secure software development
• Introduction to the Rapid Threat Model Prototyping methodology
• Elements of a threat model
• How to integrate RTMP in an Agile/DevOps process
• Zones of Trust and using Zone rules to find threats
• Adding Zone and threat metadata to a software diagram
• Mini Lab - applying Zone rules
• Mitigation analysis
• Mini Lab - discovering mitigations
• Validation and triaging of results in an Agile/DevOps process
• Lab – full threat model of an internal system
• How to convert risks into backlog items that are prioritised accordingly (e.g. into Jira, MS DevOps or similar workflow systems)
• Examples and open conversation of threat models that you have from the real world, starting with simple systems and building up to more complicated systems
• How to use RTMP to quickly highlight flows/processes/etc that are high risk
• Advanced techniques using calculation of the RTMP elements. Formulae are outlined and broken down for comprehension.
• Discussion around how to implement a good security champion program to drive deep adoption of Rapid Threat Model Prototyping across the software development lifecycle.
• Use of RTMP in other parts of a business.
- Overview of secure SDLC
- How Agile Architecture fits in
- Introduction to several common security classification systems
- Defining elements of software that are security concerns
- Threat Model types
- Traditional threat model process
- Dependencies
- Rapid Threat Model prototyping process
- Zones of trust
- Using Zone rules to find threats
- How to quickly classify threats
- Mitigation analysis
- Validation and triaging of threats
- Lab – threat modelling an internal system
UPDATES
Receive the latest version of this course into your inbox
FEEDBACK
Garima Aon
Blog (Show All)
Threat Modelling and its role within Application Security
08/02/2018: The need for increased application security is dramatically changing the way software is built – for the better. By prioritising security during...
GDPR Implications for Software & IT Professionals
22/01/2018: The new Global Data Protection Regulation (GDPR) promises to be the biggest change in corporate information security since the original Data...
OWASP 2017 | AppSec skills and training Implications for Developers
15/01/2018: As 2018 gets under way, now is the perfect time to revisit the OWASP 2017 conference – and apply the best-practice guidelines discussed at the...
Case Studies (Show All)
Analysts gain Agile & Scrum Master Certification in 2 days
19/10/2017: A leading Financial Services organisation was keen to get several of its teams working consistently in an "Agile" way. Agile is an iterative...
Secure Coding skills help protect against cyber attack
13/10/2017: The BBC, who have a very substantial investment in technology, were keen to improve the quality of software development: to instil developers...
Modernising software development skills
07/10/2017: This client was expanding its capability to deliver technical training across EMEA. It had recently acquired a large technology company which...
PRIVATE COURSES
Bring a JBI course to your office
and train a whole team onsite
0800 028 6400 or request quote
You can customise this course to
suit your exact needs here
0800 028 6400 or request quote
CONTACT
0800 028 6400
Social Engineering
Secure coding for Java and Javascript
Secure coding in ASP.NET
Secure coding in PHP
OWASP 2017 & PCI Compliance
GDPR
Show all related courses
Why JBI ?
"great technology tips"
"Access to exclusive content"
"Short course means less time off"
"Inspiring trainers"
"Joined via web"
"Knowledgable sales staff"
Get exclusive news about upcoming programs, technical insights & special offers
Subscribe to our Newsletter – Receive the latest info on Tech courses & insights Subscribe